Spambot Prevention Suggestions

[Gregor]

Quote:

Originally Posted by DampRobot

OK, if image verification or IP blacklisting won't work, why not ask a FIRST related question. For example, what was the 2011 game name? Or, Which country are 1114 and 2056 located in? Or, what is one FRC supported programming language?

As hard as it to believe, a lot of FIRST participants wont know the answer to those questions, especially people making new accounts.

[Woolly]

Quote:

Originally Posted by Gregor

As hard as it to believe, a lot of FIRST participants wont know the answer to those questions, especially people making new accounts.

Fill in the blank with the missing word in the FIRST acronym?


I mean, even if they are new members, if they don't know stuff like that, it maybe it's time they do a Google search and learn it.

[EricH]

Quote:

Originally Posted by Woolly

Fill in the blank with the missing word in the FIRST acronym?


I mean, even if they are new members, if they don't know stuff like that, it maybe it's time they do a Google search and learn it.

If a new member can do a search and learn it, so can a spammer. As I recall, there IS such a question (having to do with a core value of FIRST) already.


Captcha? Check.
FIRST-related question? Check.
Auto-moderator/quarantine? Check.

Anybody got any other ideas? BTW, these were all implemented either early on or after a particularly vicious spam attack.

[DampRobot]

Not allowing first time posters to start a thread. If you are a real FIRSTer, you must have something to say in a thread before you start your "PLEZ HELP ROBOT SMOKING" thread. It would encourage searching too!

[magnets]

My first couple posts took about a day to go through because it said that a moderator was approving it. From what I see, this only happens to a few of the new users, or moderators are approving spam. Perhaps this policy should be tightened to the first ten posts from any users.

[jwallace15]

Although strange locations and non-FIRST postings are among the activities of spambots, not all people who join CD that do those things are spammers.

http://www.chiefdelphi.com/forums/sh...d.php?t=117653

Couple weeks ago, this person not affiliated with FIRST asked a viable programming question.

From what I've seen spambots only spam when they start their own thread, not on an existing thread. My suggestion is to pre-screen new thread requests from new users.

I also like Efoote868's suggestion about basically granting more priveliges to those with higher rep.

I recall starting a thread when I first joined and seeing a message that said my thread would be previewed by Moderators before it was posted, and that I kept checking to see if it was approved. Was this feature taken away?

EDIT: I recall once seeing a viable thread started by a new user that was edited once it was posted to be spam. So the system can be fooled.

[connor.worley]

A lot of the spam threads contain 15+ links. Maybe a hyperlink limit/verification would be ideal?

[Caleb Sykes]

Quote:

Require new accounts to receive at least some positive reputation before they're allowed to create a new thread, which is where most spam goes.

I disagree. I made my CD account specifically to ask a time-sensitive question during the build season. There is no way that I would have even bothered if I had had to weigh in on other discussions and wait for someone nice to give me rep points. I had, in fact, searched through CD several times, and my question hadn't been asked.

Quote:

OK, if image verification or IP blacklisting won't work, why not ask a FIRST related question. For example, what was the 2011 game name? Or, Which country are 1114 and 2056 located in? Or, what is one FRC supported programming language?

I didn't learn about 1114 and 2056 until the end of the 3rd year on my team. "Common knowledge" on CD is, quite frankly, not common knowledge for a lot of students/mentors out there.

[techhelpbb]

Ask FIRST for the list of mentors they use to control access to the official question forum.
Then ask those mentors to register at ChiefDelphi.
Then give them the ability to confirm team member registrations.

No confirmation ... no post without moderation.

Set up modrewrite on this domain.
Track inbound IP.
Anyone claiming to be one place posting from more than 1 adjacent state/province not mentor approved gets flagged.
Saves moderation time.

Use Bayesian rules to flag posts.

Any post flagged by 2 confirmed mentors is redacted prior to review.

Hyperlinks are shortened. Checked by SourceFire, RBL and local black list.
This allows caching as well.
Any non-confirmed poster with less then 10 posts no hyperlinks allowed.
Allow any confirmed users to flag a hyperlink as a threat then setup a warning or make it text.

Allow donations over $15.
Allow donations of FIRST items ChiefDelphi can resell.
Allow donors to select to be listed if they like.

Expire confirmed accounts after 4 years.

[EricH]

Quote:

Originally Posted by techhelpbb

Ask FIRST for the list of mentors they use to control access to the official question forum.
Then ask those mentors to register at ChiefDelphi.
Then give them the ability to confirm team member registrations.

Not happening, for the following reasons:
1) Probably half the mentors won't register, unless it's required (and FIRST won't require it, I'm sure). And confirming team member registrations? Har.
2) The odds of a spambot using a given team number are slim--but the odds of them using 0000 are pretty decent.
3) Restricts Chief Delphi to only FIRSTers--which doesn't help with growing FIRST at all.

Essentially, that places a burden on the mods the first few times any given new member posts. As I noted earlier, I think the mod list needs a shakeup before any more work is placed on them.

The location tracking, and mentor approval... I think that's a bit clunky.

Oh, wait, I know! What's the most current version of vBulletin again, and which version are we on? (hint: they aren't the same)

[techhelpbb]

Quote:

Originally Posted by EricH

Not happening, for the following reasons:
1) Probably half the mentors won't register, unless it's required (and FIRST won't require it, I'm sure). And confirming team member registrations? Har.
2) The odds of a spambot using a given team number are slim--but the odds of them using 0000 are pretty decent.
3) Restricts Chief Delphi to only FIRSTers--which doesn't help with growing FIRST at all.

Essentially, that places a burden on the mods the first few times any given new member posts. As I noted earlier, I think the mod list needs a shakeup before any more work is placed on them.

The location tracking, and mentor approval... I think that's a bit clunky.

Oh, wait, I know! What's the most current version of vBulletin again, and which version are we on? (hint: they aren't the same)

I think you misunderstood. The confirmed users get full access with no restriction immediately. Non-confirmed members get some restrictions.
So if your team leader will not bother you still can post. Just deal with some restrictions initially. Ten post limits on hyperlinks exist on other forums. Membership durations on certain features exist on other forums. If FIRST will not provide the list or as you said the team leaders are not cooperating then allow cross team confirmation.

IP location tracking not only works I personally implemented it on sites that control 10% of the world's finances. You just need to be clever with it. You never use it as a completely automated blacklist. You use it to get a feel for who your customers are and their consistency as a moderation tool. If you know it is unusual for users to pop in from China then flag those posts. Moderation is *so* much less work when you mine your data intelligently. If the moderation is a problem now. What would happen if the post count doubles? In theory it is desirable to grow FIRST so a doubled post count should be positive but if as a moderator the job is too big now....well?

[artdutra04]

99.9% of the moderating I do is deleting spam. So here are some points:

1. For a while before last build season, all posts from new users had to approved by a moderator. On average, there seemed to be a 24-48 hour backlog on posts. Some users would then try to post again... and again... and again... and again because they did not see the posts show up immediately. This created almost as many problems as it solved.

2. The most viable method to preventing spam is to prohibit users that have under 50 posts OR less than 300 points (three green bars) in reputation from:
- Posting hyperlinks in posts or signature
- Editing their own posts

3. Some sub-forums have like 50 moderators, so chances are higher that someone will delete it sooner. Other really obscure and hardly ever used sub-forums have like 3 total moderators, and spam posts there can linger for months and months. I suggest we both significantly prune/lock/archive these forums and add some more active moderators to the remaining forums.

I've seen some spammers go on a 10-20 post blitz of posting worthless drivel posts to get their post count up. 50 posts and 300 points should be a high enough threshold to discourage most spammers. And no hyperlinks of any kind make spam posts worthless.

Maybe to help get some extra money, users under 50 posts or 300 rep points that donate to CD can have these restrictions immediately removed.

[techhelpbb]

Quote:

Originally Posted by artdutra04

99.9% of the moderating I do is deleting spam. So here are some points:

1. For a while before last build season, all posts from new users had to approved by a moderator. On average, there seemed to be a 24-48 hour backlog on posts. Some users would then try to post again... and again... and again... and again because they did not see the posts show up immediately. This created almost as many problems as it solved.

That works much better when the yet to be released posts are merely redacted.
Just post a place holder: Awaiting post approval. At least send an e-mail to the poster.

Then people know what is going on and not flood you.

You could do away with hyperlinks if you snapshot the target website.
Think like Google cache which is a spider.
You can get a picture of the canvas object in Mozilla and Chrome browsers.
Though this could get costly.

[protoserge]

Is there any possibility of updating the forum software to the current version 5?

Here is a list of plugins to help prevent spambots: http://www.vbulletin.com/forum/forum...ation-requests

[Cory]

I think if users under a post count threshold post more than maybe 3 (insert amenable number here) links in their post/signature they should automatically get sent to moderation.

The timely removal of spam is definitely because there's very few moderators in some of the forums that weren't getting spammed until recently. I know more moderators were added a year or two ago, but it didn't really help much (I think only one or two of them is actually still active on Chief). I take down stuff whenever I get the notification but anything in obscure forums takes longer since there's only a handful of active moderators as Art said.